acon: activity-centric access control for social computing
DESCRIPTION
Institute for Cyber Security. ACON: Activity-Centric Access Control for Social Computing. Aug. 25, 2011 International Conference on Availability, Reliability and Security Jaehong Park, Ravi Sandhu, Yuan Cheng Institute for Cyber Security University of Texas at San Antonio. Social Computing. - PowerPoint PPT PresentationTRANSCRIPT
1
ACON: Activity-Centric Access Control for Social Computing
Aug. 25, 2011International Conference on Availability, Reliability and Security
Jaehong Park, Ravi Sandhu, Yuan ChengInstitute for Cyber Security
University of Texas at San Antonio
Institute for Cyber Security
2
Social Computing• Characteristics
– Social computing systems (SCS) provide services to promote information sharing by utilizing user activity information and shared contents• Best seller, friends recommendation, friend activity notification, location-based
service– Both user and SCS provide/access information to be shared– A user wants to control other user’s or SCS’s activities against shared
information or users related to her – User wants to protect their privacy– Both resource and user as a target of activity
• Alice pokes bob, a buyer rates sellers – A user’s activity influences access control decisions
• Rating based popularity
3
Activities in SCS• No traditional access control can cover all the controls necessary for SCS• Activity as a key concept for access control
• Why Activity-centric?– Multiple kinds of activities (in addition to user’s general usage activity against
resource) that have to be controlled.• User’s usage/control activity on user/resource, SCS’s service/control activities
– A user’s usage/control activity influences SCS’s control decision on own and other users’ activities as well as SCS activities.• Once Alice invites Bob as a friend, Bob is allowed to see Alice’s information• If Alice is a friend of Bob and Bob become a friend of Chris, 1) if Chris allows friends of
friends to his contents, Alice can access Chris’s contents; 2) SCS can recommend Chris and Alice as a friend
• Buyers’ ratings on a seller may collectively used to control the seller’s sale activity.
4
Activity Taxonomy in SCS
5
User’s Usage Activities• Usage Activity on Resources
– Read/view shared comments/photos– Typical Focus of Access Control
• Usage Activity on Users– Poke, recommend friends
6
User’s Control Activities• Control Activity on Resources
– By changing attributes and policies of resources– set a resource as a violent content (attribute), accessible only by direct friends
(policy)– Parents can set attributes and policies of children’s resources– Focus of Discretionary Access Control
• Control Activity on Users– By changing user attributes and policies– To control activity performed by/against a particular user (self or other related
users) without knowing a particular resource
• Control Activity on Sessions– By controlling session attributes and policies that are inherited from a user
7
SCS’s (Automated) Activities• Service Activities
– To promote users’ social interactions and information sharing– Friends recommendation, friend activity notification, location-
based coupons, most-viewed videos• Control Activities
– Through managing policies and attributes of users, resources and sessions
– User rating-based seller trustworthiness or product popularity• Decision Activities
– SCS evaluates requests for user’s usage and control activities as well as SCS’s service and control activities
8
Activity(-centric Access) Control Framework
• To capture various users and SCS activities and their influences on control decisions
• To support controls on various access/usage and control activities in SCS
• To support personalized user privacy control• To support automated management of SCS
services and controls
ACON Framework
10
ACON Framework Components
• Users– represent a human being who performs activities in
an SCS– Carry attributes and policies
• Sessions– Represent an active user who has logged into the SCS– A user can have multiple sessions, but not vise versa– Carry attributes and policies that could be different
from user attributes and policies
11
ACON Framework Components (cont)
• Activities– User, SCS, SCS administrator’s activities– Comprise action, target users, target resources
• Action– An abstract function available in SCS – E.g., read, rate, poke, friend-invite, activity notification
• Target users(’ sessions)– Recipients of an action
• Target Resources– Include users’/SCS’s shared contents, user/resource/session
policies and attributes
12
ACON Framework Components (cont)
• SCS’s Decision Activity– based on the consolidated individual user/resource
policies and attributes together w/ SCS policies and attributes
• SCS’s Activity Module (SAM)– A conceptual abstraction of functions that performs
SCS’s automated service and control activities• SCS Administrators– Human being w/ a management role
13
ACON Framework Characteristics• Policy Individualization
– A user’s individual policy includes privacy preferences and activity limits– Collectively used by SCS for control decision on activities– Can be configured by related users
• Separation of user and resource policies– User policy allows controls on 1) user activities w/o knowing a particular
resource and 2) activities performed against the user w/o knowing a particular resource or the actors
– E.g., 1) Bart cannot be a friend of Homer’s coworker, 2) Homer doesn’t want to receive violent contents
• User-session distinction• User relationship independent access control• SCS’s automated service and control activities
14
ACONuser Model – User Activity Control
• U, S, ACT, R, T, P, SCS and D (users, sessions, actions, resources, attributes, policies, social computing system and decision predicate, respectively);
• UT U ⊆ and RT R ⊆ (target users and target resources, respectively);
• dot notation: we understand e.T and e.P to respectively denote the set of attributes and set of policies associated with entity e;
• A, the set of activities is defined as A ACT ×(2⊆ RT ×2UT − )∅ ; • Let A = {a1, a2, ..., an}, we denote the components of each
individual element as ai = (ai.ACT, ai.RT , ai.UT );
15
ACONuser Model – User Activity Control
• AP_RT :A→2RT×P, AP_UT :A→2UT×P, AT_RT :A→2RT×T, AT_UT :A→2UT×T, mappings of activity to a set of target resources and policies, a set of target users and policies, a set of target resources and attributes, and a set of target users and attributes respectively defined as: – AP_RT({a1,..,an})=AP_RT({a1}) ... AP_R∪ ∪ T({an}), AP_RT({ai})={(rt,p)|rt
a∈ i.RT,p r∈ t.P}– AP_UT({a1,..,an})=AP_UT({a1}) ... AP_U∪ ∪ T({an}), AP_UT({ai})={(ut,p)|ut
a∈ i.UT,p u∈ t.P} – AT_RT({a1,..,an})=AT_RT({a1}) ... AT_R∪ ∪ T({an}), AT_RT({ai})= {(rt,t)|rt
a∈ i.RT,t r∈ t.T} – AT_UT({a1,..,an})=AT_UT({a1}) ... AT_U∪ ∪ T({an}), AT_UT({ai})={(ut,t)|ut
a∈ i.UT,t u∈ t.T};
16
ACONuser Model – User Activity Control
• AP(a)=AP_RT(a) AP_U∪ T(a),
• AT(a)=AT_RT(a) AT_U∪ T(a);
• allowed(s,a)⇒D(s.P,s.T,a,AP(a), AT(a),scs.P,scs.T), where s ∈ S and a ∈ A.
17
ACONuser Model – Session Management
• user_sessions : U → 2S, session_users : S → U; • user_added_sessionT : S → 2T , user_removed_sessionT : S → 2T ; • scs_added_sessionT : S → 2T , scs_removed_sessionT : S → 2T ,
scs_required_sessionT : S → 2T ;• user_added_sessionP : S → 2P , user_removed_sessionP : S → 2P ; • scs_added_sessionP : S → 2P , scs_removed_sessionP : S → 2P ,
scs_required_sessionT : S → 2T ;
• user_removed_sessionT(s) {t T |t session users(s).T t ⊆ ∈ ∈ ∧ ∉scs_required_sessionT (s)};
• user_removed_sessionP(s) {p P |p session users(s).P p ⊆ ∈ ∈ ∧ ∉scs required_sessionP(s)};
18
ACONuser Model – Session Management
• assignS_T : S → 2T , assignS_P : S → 2P , assignment of attributes and policies to sessions respectively;
• assignS_T(s) {t T|(t session_users(s).T ) (t ⊆ ∈ ∈ ∨ ∈user_added_sessionT(s)) (t scs_added_sessionT(s)) ¬((t ∨ ∈ ∧ ∈user_removed_sessionT(s)) (t scs_removed_sessionT(s)))}; ∨ ∈
• assignS_P(s) {p P|(p session_users(s).P ) (p ⊆ ∈ ∈ ∨ ∈user_added_sessionP(s)) (p scs_added_sessionP(s)) ¬((p ∨ ∈ ∧ ∈user_removed_sessionP(s)) (p scs_removed_sessionP(s)))}.∨ ∈
19
Examples• A buyer can rate a seller only if the buyer bought a product from
the seller (SCS.P). – N: a list of users, sellerList : S → 2N – allowed(s, rate, ut) u⇒ t sellerList(s)∈
• A user can recommend a friendship between two friends if they are not a friend to each other(SCS.P). – N: a list of users, friends : S → 2N – allowed(s, f-recommend, ut1, ut2)⇒({ut1, ut2} friends(s)) (u∈ ∧ t2 friends(u∉ t1))∧(ut1 friends(u∉ t2))
20
Summary
• Developed activity-centric access control framework for security and privacy in social computing systems.
• Developed initial models for user activity controls and session management.